Smishing (SMS Phishing)

The cybercrime of phishing involves sending fraudulent emails that appear to be from reputable companies to obtain someone’s personal or financial information.

Smishing’ is a version of this crime that uses SMS text messages rather than emails.

In a recent case, two Sydney men were arrested for committing multiple instances of this offence.


Case background

The two accused include a 36-year-old Burwood man and a 50-year-old Macquarie Park man.

It is alleged that the pair used several “SIM boxes”, which use multiple SIM cards, to send bulk text messages to tens of thousands of people at a time.

The smishing messages sent purported to be from Australian banks and telecommunications companies. They were used to mislead victims into providing their personal or financial account information.

Police claim that in a recent two-week period, these attacks led to 45 customers from one bank alone being phished. In one instance more than $30,000 was stolen from an individual.


The investigation

The AFP led a cybercrime investigation called Operation Genmaicha. The operation was launched in July 2019 following reports of an online group allegedly sharing information about conducting fraud and phishing attacks on Australian financial institutions and their customers.

The AFP worked together with NSW Police, and collaborated with private sector partners including Westpac, CBA, ANZ and TPG Telecom.

These collaborative efforts identified a number of SIM boxes as the key source of large-scale smishing attacks.

AFP Commander Cybercrime Operations Chris Goldsmid said the sophistication of the equipment used and scale of the attacks in this investigation was extreme, with one telecommunications provider identifying more than 49,000 messages sent to its customers within the span of one week.


The search and arrest

AFP and NSW Police investigators executed search warrants on Tuesday 22 September 2020 in Macquarie Park and Burwood.

Police seized:

  • Nine SIM boxes.
  • Hundreds of SIM cards.
  • Multiple electronic devices, including mobile phones, laptops and hard drives.
  • Fake ID documents.
  • Cash, including $50,000 found inside a safe.
  • A money counter.
  • Methamphetamine of varying quantities and drug paraphernalia.

The two men were subsequently arrested.

Images and a video of one of the arrests can be viewed here.


The charges

The 50-year-old Macquarie Park man was charged with:

  • Eight counts of false or misleading information.
  • One count of using a telecommunications network with intention to commit a serious offence.
  • One count of dealing in identification information using a carriage service.
  • One count of dishonestly obtaining or dealing in financial information.
  • One count of dealing with property reasonably suspected of being proceeds of crime.
  • One count of possession of prohibited drugs.

He has been remanded in custody to next appear in Sydney Central Local Court on 18 November 2020.

The 36-year-old Burwood man is scheduled to be charged with similar offences at a later date.


Nyman Gibson Miralis provides expert advice and representation in complex cases involving scams and cybercrimes.

Contact us if you require assistance.